How to Build Your Own Cyber Security Framework using a Balanced Scorecard
-
Upload
energysec -
Category
Technology
-
view
668 -
download
0
description
Transcript of How to Build Your Own Cyber Security Framework using a Balanced Scorecard
![Page 1: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/1.jpg)
How to Build Your Own Cyber Security Framework
using a Balanced Scorecard"
Russell Cameron Thomas!EnergySec 9th Annual Security Summit!
September 18, 2013!
Twitter: @MrMeritology!
Blog: Exploring Possibility Space!
![Page 2: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/2.jpg)
Who here loves frameworks?!
![Page 3: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/3.jpg)
Who here loves frameworks?!
NIST Cyber Security Framework?!Other?!
![Page 4: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/4.jpg)
Frameworks can matter (a lot)
![Page 5: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/5.jpg)
Frameworks can matter (a lot) if they are instrumental in
driving new levels of Cyber Security Performance
![Page 6: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/6.jpg)
What the hell is “Cyber Security Performance”?!
![Page 7: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/7.jpg)
Yes, “Cyber”!
![Page 8: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/8.jpg)
Yes, “Cyber”!Confluence of…!• Information Security!• Privacy!• IP Protection!• Critical Infrastructure Protection & Resilience!• Digital Rights!• Homeland & National Security!• Digital Civil Liberties!
![Page 9: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/9.jpg)
What the hell is “Cyber Security Performance”?!
![Page 10: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/10.jpg)
“Cyber security performance” is… "
… systematic improvements in an organization's dynamic posture
and capabilities relative to its rapidly-changing and uncertain adversarial environment.”!
![Page 11: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/11.jpg)
“Cyber security performance” is… "
…Management By Objectives!
(Drucker)!
![Page 12: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/12.jpg)
“Cyber security performance” is… "
…Management By Objectives!
…Performance Mgt, incentives!
![Page 13: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/13.jpg)
“Cyber security performance” is… "
…Management By Objectives!
…Performance Mgt, incentives!
…Staffing, training, organizing!
![Page 14: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/14.jpg)
“Cyber security performance” is… "
…Management By Objectives!
…Performance Mgt, incentives!
…Staffing, training, organizing!
…Organization learning, agility!
![Page 15: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/15.jpg)
“Cyber security performance” is… "
…Management By Objectives!
…Performance Mgt, incentives!
…Staffing, training, organizing!
…Organization learning, agility!
… and good practices!
![Page 16: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/16.jpg)
“Performance” vs “Practices”!
![Page 17: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/17.jpg)
Using the Universal Language of Executives….���
![Page 18: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/18.jpg)
Using the Universal Language of Executives….���
![Page 19: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/19.jpg)
![Page 20: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/20.jpg)
"Keep your head still"
![Page 21: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/21.jpg)
"Keep your head still"
“Keep your arm straight”
![Page 22: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/22.jpg)
"Keep your head still"
“Keep your arm straight” “Swing on
one plane”
![Page 23: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/23.jpg)
"Keep your head still"
“Keep your arm straight” “Swing on
one plane”
“Swing easy”
![Page 24: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/24.jpg)
"Keep your head still"
“Grip it and rip it!"
“Keep your arm straight” “Swing on
one plane”
“Swing easy”
![Page 25: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/25.jpg)
"Best practices" are like golf tips… ������
![Page 26: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/26.jpg)
"Best practices" are like golf tips… ������
Golf tips alone don't make good golfers���
![Page 27: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/27.jpg)
Why Agility?
Why Rapid Innovation?!
![Page 28: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/28.jpg)
![Page 29: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/29.jpg)
State ofthe Art!
Lagging"InfoSec"Program!
![Page 30: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/30.jpg)
Time for some drama!
![Page 31: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/31.jpg)
Time for some drama!
Set in the Summer of 2017!
![Page 32: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/32.jpg)
“I in central Texas.”
t was another long heat wave
![Page 33: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/33.jpg)
Spare generating capacity was dangerously low!
![Page 34: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/34.jpg)
You run information security!at a large industrial company!that includes several and cogeneration.!
![Page 35: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/35.jpg)
Thanks to deregulation and incentives, microgrids have taken off, especially in Texas
= 10+ microgrids
Microgrid Adoption, 2017"
![Page 36: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/36.jpg)
In recent days, instead of selling its excess power, your firm was buying at peak spot prices."""This was strange.!
![Page 37: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/37.jpg)
18 months earlier
You"Energy Ops "Manager"
Business"Continuity"Manager"
![Page 38: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/38.jpg)
Effective Response, Recovery & Resilience"
![Page 39: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/39.jpg)
Your Microgrid Automation""
hosted"auto-configuring"software"reporting/trending!system config!diagnostics!
Internet
Microgrid"Supervisory"Controller"
12 months earlier
![Page 40: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/40.jpg)
Spot trading was largely automated���via microgrid automation software.���
12 months earlier
![Page 41: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/41.jpg)
Optimize Exposure"
![Page 42: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/42.jpg)
Insiders?
Threat Intelligence
Business Partners? Contractors?
Criminals?
APT?
Error?
Hactivist?
Terrorist?
24 months earlier
![Page 43: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/43.jpg)
Our New Capability: Attack-driven Defense"
1. Raise cost to attackers
2. Increase odds of detection
3. Iterate defense based on real attack patterns
24 months earlier
source: Etsy h7p://www.slideshare.net/zanelackey/a7ackdriven-‐defense
![Page 44: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/44.jpg)
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hactivist?
Terrorist?
Threat Intelligence Yesterday
![Page 45: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/45.jpg)
Effective Threat Intelligence"
![Page 46: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/46.jpg)
Sensors & Pattern Detection for Anomalous User Behavior"
24 months earlier
Any Non- Tech. Tech.
source: Etsy h7p://www.slideshare.net/zanelackey/a7ackdriven-‐defense
User Class
![Page 47: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/47.jpg)
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hactivist?
Terrorist?
X Threat Intelligence
X
Yesterday
![Page 48: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/48.jpg)
Quality ofProtections & Controls"
![Page 49: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/49.jpg)
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hactivist?
Terrorist?
X X
Threat Intelligence Yesterday
![Page 50: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/50.jpg)
Efficient/Effective Execution & Operations"
![Page 51: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/51.jpg)
12 months earlier
![Page 52: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/52.jpg)
Effective External Relationships"
![Page 53: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/53.jpg)
The Crime:"
ArDficially Congested
Subsided Generators
Manipulation of Wholesale Market Subsidies
Conges'on pa+erns, July 14, 2017
![Page 54: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/54.jpg)
Losers: You and hundreds of other microgrids forced to generate spot market bids during price spikes. (Botnet-style. Each loses a little $$)
Scam: Generate losing trades in one market to make money in another market
![Page 55: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/55.jpg)
Attack: Compromised Hosted Auto-Configuration Software
"hosted"auto-configuring"software"reporting/trending!system config!diagnostics!
Internet
Microgrid"Supervisory"Controller"
![Page 56: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/56.jpg)
The Attackers"
Insider: Contractor at web application software company
Outsider: Hedge fund manager bribed contractor with profit sharing
![Page 57: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/57.jpg)
Gold Man Hacks Bid Probe "2017"
2017"
Gold Man Hacks Faces Record Fine Over Energy
![Page 58: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/58.jpg)
Over the last 24 months
Adap've Threat
Intelligence
A+ack-‐ driven Defense
Expanded External
Engagement
Expanded Detec'on & Response
Metrics
![Page 59: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/59.jpg)
Effective Agility & Learning"
![Page 60: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/60.jpg)
Over the last 24 months
![Page 61: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/61.jpg)
Effective Design & Development"
![Page 62: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/62.jpg)
Over the last 24 months
![Page 63: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/63.jpg)
Optimize Cost of Risk"
![Page 64: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/64.jpg)
Over the last 24 months
![Page 65: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/65.jpg)
Accountability & Responsibility"
![Page 66: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/66.jpg)
The End
![Page 67: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/67.jpg)
Summary:
The Ten Dimensions of
Cyber Security Performance!
![Page 68: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/68.jpg)
Actors
Systems
The Organiza7on
Events
Context"
![Page 69: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/69.jpg)
Actors
Systems
1. Exposure
Events
Dimension 1:Optimize Exposure"
![Page 70: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/70.jpg)
Actors
Systems
1. Exposure 2. Threats
Events
Dimension 2:Effective Threat
Intelligence"
![Page 71: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/71.jpg)
Actors
Systems
1. Exposure
3. Design & Dev.
2. Threats
Events
Dimension 3:Effective Design &
Development"
![Page 72: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/72.jpg)
Actors
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. Protec'on
s & Con
trols
Events
Dimension 4:Quality of Protection
& Controls"
![Page 73: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/73.jpg)
Actors
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. Execu'o
n & Ope
ra'o
ns
Events
Dimension 5:Effective/Efficient
Execution & Operations"
![Page 74: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/74.jpg)
Events
Actors
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
6. Response, Recovery
& Resilience
Dimension 6:Effective Response,
Recovery & Resilience"
![Page 75: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/75.jpg)
Opera7onal Cyber Security
Dimensions 1 – 6 Measure Core Performance"
Events
Actors
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
6. Response, Recovery
& Resilience
![Page 76: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/76.jpg)
First Loop Learning
“First Loop Learning”is Continuous Improvement
in Daily Operations"
![Page 77: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/77.jpg)
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
Actors
7. Externa
l Engagem
ent
The Organiza7on
Other Organiza7ons
Government & Law Enforcement
Dimension 7:Effective External
Engagement"
6. Response, Recovery
& Resilience
![Page 78: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/78.jpg)
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
Actors
7. External Engagem
ent
Other Organiza7ons
Government & Law Enforcement
8. Agility & Learning
Dimension 8:Effective Agility
& Learning"
6. Response, Recovery
& Resilience
![Page 79: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/79.jpg)
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
Actors
7. External Engagem
ent
8. Agility & Learning 9. Total Cost of Risk
Other Organiza7ons
Government & Law Enforcement
Dimension 9:Optimize
Total Cost of Risk"
6. Response, Recovery
& Resilience
![Page 80: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/80.jpg)
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
Actors
7. External Engagem
ent
Total Cost of Risk
10. Accountability & Responsibility
Stakeholders
9. Total Cost of Risk 8. Agility & Learning
Other Organiza7ons
Government & Law Enforcement
Dimension 10:Accountability
& Responsibility"
6. Response, Recovery
& Resilience
![Page 81: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/81.jpg)
Dynamic Capabili7es
Dimensions 7 – 10 Measure Systemic
Agility"
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. ProtecDon
s & Con
trols
5. ExecuDo
n & Ope
raDo
ns
Actors
Total Cost of Risk
10. Accountability & Responsibility
Stakeholders
9. Total Cost of Risk 8. Agility & Learning
Other Organiza7ons
Government & Law Enforcement
7. External Engagem
ent
6. Response, Recovery
& Resilience
![Page 82: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/82.jpg)
Second Loop Learning
“Second Loop Learning”is Innovation
and Reinvention*"
* Individual and CollecDve
![Page 83: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/83.jpg)
Events
Systems
1. Exposure 2. Threats
3. Design & Dev. 4. Protec'on
s & Con
trols
5. Execu'o
n & Ope
ra'o
ns
Actors
7. Externa
l Engagem
ent
Stakeholders
10. Accountability & Responsibility
9. Total Cost of Risk 8. Agility & Learning
Other Organiza7ons
Government & Law Enforcement
Ten Dimensions ofCyber Security
Performance"
6. Response, Recovery
& Resilience
![Page 84: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/84.jpg)
Last thought…!
![Page 85: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/85.jpg)
“Can’t you make it simpler?”!
![Page 86: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/86.jpg)
“Can’t you make it simpler?”!
“We need a crayon version for executives and other
business and policy types”!
![Page 87: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/87.jpg)
Sure!
![Page 88: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/88.jpg)
Sure!• “Transcendental numbers hurt my head”!
![Page 89: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/89.jpg)
Sure!• “Transcendental numbers hurt my head”!• Declare π = 3.0!
![Page 90: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.fdocuments.in/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/90.jpg)
Sure!• “Transcendental numbers hurt my head”!• Declare π = 3.0!• But we lose something essential!
“Circle”